Description
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
Published: 2026-05-26
Score: 8.9 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local attacker can exploit a flaw in the background service of OpenVPN Connect on macOS to send crafted messages through an inter‑process communication channel. The vulnerability allows execution of arbitrary system commands with the privileges of the service, effectively raising the attacker’s privileges. The weakness is rooted in improper handling of IPC requests and flawed privilege isolation. The affected weaknesses include insecure privileged access, insufficient authorization, and unsafe command execution.

Affected Systems

OpenVPN Inc. OpenVPN Connect built for macOS, versions 3.5.1 through 3.8.1.

Risk and Exploitability

The CVSS score of 8.9 indicates high severity. The EPSS score is not reported, and the issue is not listed in CISA’s KEV catalog, but the flaw permits local privilege escalation with minimal prerequisites. An attacker must already have local access and be able to communicate with the background service, which is plausible on compromised or shared systems.

Generated by OpenCVE AI on May 26, 2026 at 19:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenVPN Connect to a version that fixes the privilege escalation bug (available in releases after 3.8.1).
  • If a newer version is not yet available and the background service cannot be disabled, uninstall OpenVPN Connect or stop its background service to eliminate the IPC endpoint.
  • Apply system hardening: restrict local user permissions and limit IPC channel access through macOS security settings or application sandboxing.

Generated by OpenCVE AI on May 26, 2026 at 19:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
Weaknesses CWE-267
CWE-270
CWE-648
CWE-78
References
Metrics cvssV4_0

{'score': 8.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: OpenVPN

Published:

Updated: 2026-05-26T18:08:16.845Z

Reserved: 2026-05-26T10:31:38.473Z

Link: CVE-2026-9560

cve-icon Vulnrichment

Updated: 2026-05-26T18:08:12.480Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T18:16:58.577

Modified: 2026-05-26T19:08:15.080

Link: CVE-2026-9560

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T19:45:06Z

Weaknesses